Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

E-mail forwarders security

Discussion in 'E-mail Discussion' started by chrismfz, Sep 3, 2018.

  1. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    125
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    We have a lot of outbreaks using forwarders.

    Hacked e-mail users (not cPanel main user) using webmail are installing various forwarders.
    Typically to receive every mail to another account and intercept communications/passwords/whatever malware-or-evil-deed-goes-here.

    Is there a way to disable forwarders for mail users ? If someone needs a forwarder he/she can create from inside cPanel. Not the e-mail username/password.

    I found various ways of blocking / disabling mail forwarders but not something like this.
    I am not searching to completely disable forwarders, just from the end-mail-user because of the security risks.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @chrismfz

    You can disable the forwarder manager from the feature list for the account but there isn't currently a method to disable the forwarders for just an email account. If you'd like to see this as something in the product I would suggest opening a feature request by clicking the link in my signature. Once it's open please post the link here so others can vote for it as well.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. chrismfz

    chrismfz Well-Known Member

    Joined:
    Jul 4, 2007
    Messages:
    125
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Greece
    cPanel Access Level:
    DataCenter Provider
    Hello Lauren.

    I mean if there is an option to disable forwarders, filters, or the whole top bar from the mail users not completely from cPanel.

    Admin / owner should have access from cPanel normally.
    But users shouldn't.

    A Feature in feature list to disallow users from accessing those options should be enough.
    Is there a workaround for that?
     

    Attached Files:

  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    In the context of getting forwarders created by hackers, shouldn't we be concentrating on HOW the account got hacked in the first place so that the forwarder could be created ?

    I can see various scenarios where an email (and therefore a webmail) account could be compromised including:
    • Brute force password
    • Using a public pc and not clearing up your login details
    • Getting conned into giving away your password (by whatever method)
    • Password sniffed on public Wi-Fi
    • Keyloggers and other malware
    etc etc

    The sad reality is that a huge number of people can be persuaded to tell you their password just by offering them a bar of chocolate! and that is before various socially engineered scams trick them into entering it onto some web form that claims that their email account is about to be blocked unless they authenticate to it on this special form NOW (I had one of my customers conned by this trick last week resulting in a forwarder to a Gmail account).

    We are back to treating the symptom and not the disease by disallowing feature access to miscreants after they have already got in.

    I am not sure there will ever be an answer to persuading users to be careful about how and where they disclose or input their passwords, after all, the only thing separating genius from stupidity is that genius has limits !

    In the meantime, perhaps ensuring that users cant use stupidly short or dictionary words might provide some security, but then since they cant remember them, they will write their passwords down on a label and stick it to their monitor or laptop so that it is easy to find - I have seen them on public display on the lids of laptops being used at Wi-Fi hotspots.

    Probably, we need to get everyone that uses a computer implanted with an rfid that performs part of the authentication process (wouldn't law enforcement just love that ?) or make 3 or maybe 4FA obligatory, or maybe someone needs to develop a DNA scanner like a fingerprint reader..........

    One thing does occur to me that perhaps we should disallow authentication from plain text username/passwords and ensure that one or other encryption protocols are initiated prior to an authentication session - at least that might mitigate to some extent packet sniffers or Man-In-The-Middle events.

    Thanks for reading, and I am off to buy several bars of chocolate..........
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    sparek-3 and cPanelLauren like this.
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @chrismfz
    I understood what you mean and the method I noted is the only way to do that but it removes the ability to manage filters from the cPanel account as well. As I noted in my previous response if this is something you'd like to see in the product I would suggest opening a feature request for it.

    I also want to note that @rpvw's sentiment is correct in my opinion:
    Ultimately prevention of compromise is the best way to ensure that this behavior stops.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,920
    Likes Received:
    167
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Is there a way to super like @rpvw's post?
     
    cPanelLauren likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice